Loading ...
Sorry, an error occurred while loading the content.

NSA, Prism and privacy in the age of the Internet & more

Expand Messages
  • Cort Greene
    For secure connection use: https://secure.netsolhost.com/cryptome.org/index.html *2013-0619.htm NSA Office of
    Message 1 of 1 , Jun 12 9:43 AM
    • 0 Attachment
      For secure connection use:
      https://secure.netsolhost.com/cryptome.org/index.html

      *2013-0619.htm <http://cryptome.org/2013/06/nsa-tao.htm> NSA
      Office of Tailored Access Operations June 12, 2013*


      --------------------------------------
      http://www.marxist.com/nsa-prism-and-privacy-in-the-age-of-the-internet.htm

      NSA, Prism and privacy in the age of the
      Internet<http://www.marxist.com/nsa-prism-and-privacy-in-the-age-of-the-internet.htm>
      Written by Niklas Albin SvenssonWednesday, 12 June 2013
      [image: Print]<http://www.marxist.com/nsa-prism-and-privacy-in-the-age-of-the-internet/print.htm>[image:
      E-mail]<http://www.marxist.com/component/option,com_mailto/link,c432950e54f16d805039467e64f763b11ec01600/tmpl,component/>

      -
      -
      -

      Last week, Edwards Snowden became the latest in a long line of
      whistleblowers. It has been revealed that the US National Security Agency
      has been given backdoor access to telephone exchanges and a long range of
      online accounts from major service providers, underlining how the state
      breaches users’ privacy on a massive scale in order to get intelligence.
      [image: prism] <http://www.marxist.com/images/stories/science/prism.jpg>“Big
      data” and intelligence

      The latest buzzword among internet companies is “big data”. The industry
      has awoken to the fact that if you integrate lots of services, like
      Google’s Gmail, Drive, Calendar and Youtube, and then use these to track
      users’ behaviour, you end up with a huge amount of information on
      individuals. From the user’s point of view, merging data in this way
      certainly has advantages, allowing easy access to lots of different
      functions, but for a company it means an unprecedented ability to target
      advertising. Facebook is a business that is built on this, allowing
      businesses to target users with particular interests, “likes”, age,
      schools, etc.

      From the intelligence community’s point of view, it gives access to a huge
      amount of information on the social and professional networks of their
      targets. It gives them the ability to know pretty much constantly where you
      are and have a good guess at what you’re doing and who you are meeting
      there. They know what websites you’re visiting, what videos you watch
      online and so on. All on the basis of having access to your Google, ITunes
      and Facebook account.
      What recording metadata means

      Obama and other politicians claim that they are merely registering what
      they term “metadata”, i.e. the parties involved in a phone call, the sender
      and recipient of an email, etc. This is supposed to calm people’s fears
      that the government are listening in on their phone calls or reading their
      correspondence.

      The Electronic Frontier Foundation posted a pretty apt comment on this
      under the title Why Metadata
      matters<https://www.eff.org/deeplinks/2013/06/why-metadata-matters>
      :

      “They know you rang a phone sex service at 2:24 am and spoke for 18
      minutes. But they don't know what you talked about.

      “They know you called the suicide prevention hotline from the Golden Gate
      Bridge. But the topic of the call remains a secret.

      “They know you spoke with an HIV testing service, then your doctor, then
      your health insurance company in the same hour. But they don't know what
      was discussed.

      “They know you received a call from the local NRA office while it was
      having a campaign against gun legislation, and then called your senators
      and congressional representatives immediately after. But the content of
      those calls remains safe from government intrusion.

      “They know you called a gynecologist, spoke for a half hour, and then
      called the local Planned Parenthood's number later that day. But nobody
      knows what you spoke about.”

      The courts in the US have proclaimed that an IP address really is like a
      postal address and that we therefore have no right to keep it private.
      Using that analogy, what the US government is doing is the equivalent of
      ordering the post service to register every single letter being sent in a
      big database. If you are then found to have somehow communicated with
      someone on a security service list, all your letters would be opened, read,
      and then resealed. Now, most people would probably find that very intrusive
      and it is the sort of thing you’d expect from a totalitarian regime and not
      what we have been used to in the supposedly “democratic” West.
      Spying on foreigners

      The administration insists that they’re only spying on foreign citizens,
      that any spying on US citizens needs to go through the courts. Well, that’s
      a relief for all of us who are not US citizens. So, the US intelligence
      services are free to register all our information without any kind of court
      orders? Given that some of the largest internet companies in the world are
      US-based, it basically gives US intelligence unfettered access to all
      internet traffic.

      The PRISM programme is a huge embarrassment to US internet companies. There
      have long been suspicions that they have opened back-doors to US
      intelligence, and this now confirms it. Google, AOL, Microsoft, Yahoo,
      Apple, etc. obviously all deny any knowledge of this, but no one believes
      them.

      Many US companies and politicians have criticised the Chinese for precisely
      these types of activities. Both the British and US government is accusing
      Huawei of giving the Chinese this type of access through their telephone
      exchanges.

      Not just that, but non-US companies must be concerned that their data is
      being harvested by US intelligence agencies for industrial espionage. This
      is probably one of the reasons for the European Commission demanding
      privacy guarantees<http://www.guardian.co.uk/world/2013/jun/10/prism-european-commissions-privacy-guarantees>
      from
      the US.

      One element of this spy scandal is the increased competition between
      imperial powers for markets. Industrial espionage plays a key role in this.
      Media and the intelligence community

      The whole scandal, however, begs the question: Is it really news? The media
      presents it as though this is a new scandal, completely out of the blue. In
      reality, however, the press has a very short memory and undoubtedly the
      prolific use of gagging orders helps them forget.

      It is worth reminding ourselves of a few of these examples. In a quite comical
      video from November last
      year<http://www.youtube.com/watch?v=pMALsxxL6mI&feature=player_embedded>,
      promoting his book on encryption, Julian Assange points out how the FBI was
      granted access to David Petraeus’ Gmail account. He was at that time the
      head of the CIA. If they can use those kinds of measures against the most
      powerful person in the intelligence community, what can they not do to
      other US citizens?

      Then of course we have Echelon, which was a system to spy on radio
      transmissions and phone calls during the cold war, which of course was not
      dismantled after the collapse of the Soviet Union. The European Parliament
      reported it to have had voice recognition and being able to process
      thousands of phone calls, listening for key words. Although that system is
      outdated now, the method is pretty much the same here.

      The US government is furthermore reported to listen in on most internet
      traffic that goes through key hubs in the US and probably the UK as well.
      One such called Room 641A <http://en.wikipedia.org/wiki/Room_641A> was
      unearthed in 2006 inside an AT&T building. There are certainly more of
      these sites around the US and elsewhere. In fact, the PRISM network appears
      to be a compliment to the pre-existing infrastructure.

      The Electronic Frontier Foundation has been campaigning against government
      surveillance of the Internet since the early 1990s. They provide a self-help
      guide <https://ssd.eff.org/>, which gives a useful insight into the extent
      of the government’s powers, which are pretty much unlimited when it comes
      to foreign “threats”.

      The recent revelations about PRISM and internet surveillance are therefore
      not really news but it does a great service to general awareness that it
      has now been brought into the open.
      A battle being prepared

      So what if the government spies on me? What practical implications does it
      have? I’ve got nothing to hide. That’s what the governments across the
      world would like us to think. In reality, however, increased state
      surveillance is a preparation for coming class battles. The idea, of
      course, is to target labour movement activists. Although a lot of noise has
      been made about the threat of “terrorism” in the press, in reality the
      intelligence services still devote a lot of attention to left-wing groups.
      Undoubtedly, they have agents in trade unions and political organisations.

      With intelligence they will try to chop the head off the movement. They
      will use blackmail, harassment, imprisonment and in extreme cases possibly
      even assassinations. The data they get provided by the internet companies
      will be most helpful in this regard and much cheaper than planting lots of
      agents everywhere.

      Bourgeois analysts would also like to predict the future, apparently. In
      the typical brazen attitude of the business press, *Businessweek* reported
      in February<http://www.businessweek.com/articles/2013-02-05/what-the-intelligence-community-is-doing-with-big-data>
      on how intelligence agencies using tweets and Facebook data (collected
      from where?) want to find a way of predicting popular revolts. How
      successful they will be in this endeavour is another matter, but it shows
      quite clearly what types of “threats” they concern themselves with.

      These latest revelations only show that the ruling class is preparing for
      serious class battles in the future. The labour movement must do the same.
      However, it is not through conspiratorial methods that labour and youth
      activists can win this battle. We cannot seriously expect all working class
      activists to encrypt their communication and their IP addresses. We cannot
      seriously expect them to stop using Google, Facebook, Yahoo or Hotmail. The
      bourgeois state has in fact always used spying and infiltration of labour
      movement organisations and it is perfectly logical that this has now been
      extended to the field of the internet.

      The internet is like a two sided blade; it can be used by the state to spy
      on activities, but it is also a very useful instrument in spreading the
      ideas of genuine socialism and building up opposition to the capitalist
      system as a whole. We need to use the opportunities opened up by modern
      technology, not just websites, but also Facebook and cheap internet phone
      calls through services like Skype. It provides a tremendous opportunity for
      sharing of Marxist ideas across the world.

      Once such ideas grip the minds of the millions of downtrodden workers and
      poor, no amount of internet spying is going to be able to hold them back.
      During the Egyptian revolution the state tried blocking the use of the
      internet, as if this were the cause of the revolution. In the end,
      thousands of brutal secret police, backed by the CIA, did not stop Ben Ali
      or Mubarak from being overthrown.

      The labour movement should make demands on national governments, for an end
      to secret courts, gagging orders, etc. If all the covert measures they are
      adopting have a rational motivation, let them prove it in public. In the
      end, however, we must maintain a sense of proportion and understand that as
      long as the bourgeois state remains, so will the spying and intriguing that
      goes with it. A real end to such spying will only come when society itself
      has been transformed and when the bourgeois state has been removed.

      -----------------------
      NSA PRISM Slides: Notice Anything Unusual or
      Missing?<http://www.emptywheel.net/2013/06/12/nsa-prism-slides-notice-anything/>
      By: Rayne <http://www.emptywheel.net/author/rayne/> Wednesday June 12, 2013
      12:00 pm

      We haven’t seen (and likely will never see) all of the NSA slides former
      Booz Allen employee Edward Snowden shared with the
      Guardian-UK<http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data>
      and
      the Washington Post<http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/>.
      But the few that we have seen shared by these two news outlets tell us a
      lot — even content we might expect to see but don’t tells us something.

      First, let’s compare what appears to be the title slide of the presentation
      — the Guardian’s version first, followed by the WaPo’s version. You’d think
      on the face of it they’d be the same, but they aren’t.

      [image: [NSA presentation, title slide via
      Guardian-UK]]<http://www.emptywheel.net/wp-content/uploads/2013/06/GuardianUK_NSASlide_Prism-008_06JUN2013_300pxw.jpg>

      [NSA presentation, title slide, via Guardian-UK]
      [image: [NSA presentation, title slide, via Washington
      Post]]<http://www.emptywheel.net/wp-content/uploads/2013/06/WaPo_Prism-Slide1_06JUN2013_300pxw1.jpg>

      [NSA presentation, title slide, via Washington Post]
      Note the name of the preparer or presenter has been redacted on both
      versions; however, the Guardian retains the title of this person, “PRISM
      Collection Manager, S35333,” while the WaPo completely redacts both name
      and title.

      This suggests there’s an entire department for this program requiring at
      least one manager. There are a number of folks who are plugging away at
      this without uttering a peep.

      More importantly, they are working on *collection* — not exclusively on
      search.

      The boldface reference to ”The SIGAD Used *Most* in NSA Reporting” suggests
      there are more than the PRISM in use as SIGINT Activity Designator tools.
      What’s not clear from this slide is whether PRISM is a subset of U-984XN or
      whether PRISM is one-for-one the same as U-984XN.

      Regardless of whether PRISM is inside or all of U-984XN, the presentation
      addresses the program “used most” for reporting; can we conclude that
      reporting means the culled output of mass *collection*? Continue
      reading →<http://www.emptywheel.net/2013/06/12/nsa-prism-slides-notice-anything/#more-35905>


      Posted in Cybersecurity <http://www.emptywheel.net/category/cybersecurity/>
      , FISA <http://www.emptywheel.net/category/fisa/>,
      Intelligence<http://www.emptywheel.net/category/intelligence/>
      | Tagged FISA Amendments Act<http://www.emptywheel.net/tag/fisa-amendments-act/>
      , NSA <http://www.emptywheel.net/tag/nsa/>,
      PRISM<http://www.emptywheel.net/tag/prism/>
      , Section 215 <http://www.emptywheel.net/tag/section-215/>, Section
      702<http://www.emptywheel.net/tag/section-702/>
      , SIGAD <http://www.emptywheel.net/tag/sigad/>,
      U-984XN<http://www.emptywheel.net/tag/u-984xn/>
      | *6* Replies<http://www.emptywheel.net/2013/06/12/nsa-prism-slides-notice-anything/#comments>Is
      the Section 215 Dragnet Limited to Terrorism
      Investigations?<http://www.emptywheel.net/2013/06/12/is-the-section-215-dragnet-limited-to-terrorism-investigations/>
      By: emptywheel <http://www.emptywheel.net/author/emptywheel/> Wednesday
      June 12, 2013 10:50 am

      Unlike PRISM<http://www.emptywheel.net/2013/06/10/section-702-is-used-for-terror-proliferation-and-hacking/>,
      most public discussions about the Section 215 dragnet program suggest that
      it is tied to terrorism. It’s a claim, for example, that Charlie Savage
      makes in this story<http://www.nytimes.com/2013/06/12/us/aclu-files-suit-over-phone-surveillance-program.html?_r=0>,
      which he traces
      back<https://twitter.com/charlie_savage/status/344820739674886145> to
      this statement from Director of National Security James Clapper.

      And indeed, that
      statement<http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/868-dni-statement-on-recent-unauthorized-disclosures-of-classified-information>
      does
      claim the program is limited to terrorism investigations.

      The collection is broad in scope because more narrow collection would limit
      our ability to screen for and identify *terrorism*-related communications.
      Acquiring this information allows us to make connections related to *
      terrorist* activities over time. The FISA Court specifically approved this
      method of collection as lawful, subject to stringent restrictions.

      The information acquired has been part of an overall strategy to protect
      the nation from *terrorist* threats to the United States, as it may assist *
      counterterrorism* personnel to discover whether known or suspected *
      terrorists* have been in contact with other persons who may be engaged in *
      terrorist* activities.

      [snip]

      By order of the FISC, the Government is prohibited from indiscriminately
      sifting through the telephony metadata acquired under the program. All
      information that is acquired under this program is subject to strict,
      court-imposed restrictions on review and handling. *The court only allows
      the data to be queried when there is a reasonable suspicion, based on
      specific facts, that the particular basis for the query is associated with
      a foreign terrorist organization*. Only specially cleared
      *counterterrorism*personnel
      specifically trained in the Court-approved procedures may even access the
      records.

      All information that is acquired under this order is subject to strict
      restrictions on handling and is overseen by the Department of Justice and
      the FISA Court. Only a very small fraction of the records are ever reviewed
      because the vast majority of the data is not responsive to any
      *terrorism*-related
      query. [my emphasis]

      Even assuming James “Least Untruthful Too Cute by Half” Clapper can be
      trusted on this point, consider a few things about this statement.

      - It was released after only the first Guardian release. Thus, it was
      almost certainly rushed. And while NSA has claimed they had identified
      Edward Snowden before he started publishing, it is possible they did not
      know precisely what he had taken (though it is equally possible they
      already knew).
      - Clapper avoids mentioning precisely what program he is referring to in
      this statement, not even mentioning the Section 215 authority directly
      (though he does mention the PATRIOT Act. The Executive Branch has a
      well-established history — on this and related programs precisely — in
      addressing just a subset of a program so as to try to hide larger parts of
      it.

      In addition, recall that when DOJ Inspector General Glenn Fine referred to
      these secret programs in a 2008
      report<http://www.usdoj.gov/oig/special/s0803a/final.pdf> on
      the use of Section 215, he spoke in the plural and included two classified
      appendices to describe them. In 2011, Acting Assistant Attorney General
      Todd Hinnen referred only
      to<http://judiciary.house.gov/hearings/pdf/Hinnen03092011.pdf>
      programs,
      plural. Thus, there almost certainly are at least two secret programs, and
      Michael Hayden has claimed Obama has expanded the use of this authority,
      which might mean there are more than two.

      Furthermore, compare Clapper’s statement from June 6 — which mentioned only
      terrorists — with how he explained the dragnet
      program<http://www.nbcumv.com/mediavillage/networks/nbcnews/pressreleases?pr=contents/press-releases/2013/06/09/nbcnewsexclusiv1370799482417.xml>
      to
      Andrea Mitchell on June 9.

      ANDREA MITCHELL: At the same time, when Americans woke up and learned
      because of these leaks that every single telephone call in this United
      States, as well as elsewhere, but every call made by these telephone
      companies that they collect is archived, the numbers, just the numbers, and
      the duration of these calls. People were astounded by that. They had no
      idea. They felt invaded.

      JAMES CLAPPER: I understand that. But first let me say that I and everyone
      in the intelligence community all– who are also citizens, who also care
      very deeply about our– our privacy and civil liberties, I certainly do. So
      let me say that at the outset. I think a lot of what people are– are
      reading and seeing in the media is a lot of hyper– hyperbole.
      A metaphor I think might be helpful for people to understand this is to
      think of a huge library with literally millions of volumes of books in it,
      an electronic library. Seventy percent of those books are on bookcases in
      the United States, meaning that the bulk of the of the world’s
      infrastructure, communications infrastructure is in the United States.

      There are no limitations on the customers who can use this library. Many
      and millions of innocent people doing min– millions of innocent things use
      this library, but there are also nefarious people who use it. *Terrorists,
      drug cartels, human traffickers, criminals* also take advantage of the same
      technology. So the task for us in the interest of preserving security and
      preserving civil liberties and privacy is to be as precise as we possibly
      can be when we go in that library and look for the books that we need to
      open up and actually read.

      You think of the li– and by the way, all these books are arranged randomly.
      They’re not arranged by subject or topic matter. And they’re constantly
      changing. And so when we go into this library, first we have to have a
      library card, the people that actually do this work.

      Which connotes their training and certification and recertification. So
      when we pull out a book, based on its essentially is– electronic Dewey
      Decimal System, which is zeroes and ones, we have to be very precise about
      which book we’re picking out. And if it’s one that belongs to the– was put
      in there by an American citizen or a U.S. person.

      We ha– we are under strict court supervision and have to get stricter– and
      have to get permission to actually– actually look at that. So the notion
      that we’re trolling through everyone’s emails and voyeuristically reading
      them, or listening to everyone’s phone calls is on its face absurd. We
      couldn’t do it even if we wanted to. And I assure you, we don’t want to.

      ANDREA MITCHELL: Why do you need every telephone number? Why is it such a
      broad vacuum cleaner approach?

      JAMES CLAPPER: Well, you have to start someplace. If– and over the years
      that this program has operated, we have refined it and tried to– to make it
      ever more precise and more disciplined as to which– which things we take
      out of the library. But you have to be in the– in the– in the chamber in
      order to be able to pick and choose those things that we need in the
      interest of protecting the country and gleaning information on terrorists
      who are plotting to kill Americans, to destroy our economy, and destroy our
      way of life.

      In speaking of the way in which the government uses this dragnet collection
      as a kind of Dewey Decimal system to identify communications it wants to go
      back and view, he doesn’t limit it to terrorists. Indeed, he doesn’t even
      limit it to those foreign intelligence uses the PATRIOT Act authorizes,
      like counterintelligence (though Obama’s roll-out of Transnational Crime
      Organization initiative<http://www.emptywheel.net/2011/07/26/four-mobs-yet-more-bizarre-thinking-behind-administrations-transnational-crime-program/>
      in
      2011 — which effectively started treating certain transnational crime
      networks just like terrorists — may suggest only those crime organizations
      are being targeted).

      Given two more days of disclosures after his initial Section 215 statement,
      Clapper acknowledged<http://www.emptywheel.net/2013/06/10/section-702-is-used-for-terror-proliferation-and-hacking/>
      that
      PRISM has been used (at a minimum) to pursue weapons proliferators and
      hackers in addition to terrorists. Then, the next day, he at least seemed
      to suggest that Section 215 collection is used to pinpoint not just
      terrorists, but also drug cartels and other criminal networks.

      And as I’ll show in a follow-up post, it seems to have targeted far more
      than that.

      - See more at: http://www.emptywheel.net/#sthash.BfLdOtUW.dpuf


      [Non-text portions of this message have been removed]
    Your message has been successfully submitted and would be delivered to recipients shortly.